Visa Security Summit Focuses on Opportunities
WASHINGTON—Executives attending Visa’s Oct. 2 Global Security Summit here were told by speakers that increased data security at large retail firms and data processors has forced many thieves to move on from seeking big data breaches and compromises. However, the presenters also pointed out that every new app, website, mobile transaction and smart appliance increases opportunities for criminals.
As a result, Ellen Ritchey, Visa's global head of enterprise risk, said the firm has coined the phrase "Responsible Innovation" to describe efforts to balance technological opportunities with security.
"We are standing at a crossroads, a place where plastic is turning into mobile," Ritchey said. "As innovation accelerates the electronification of commerce, security needs to be built in from the start. The payments industry has to embrace responsible innovation and renew its commitment to the principles and standards that have made us so successful to date."
Ritchey said the technical and payments landscape has changed since Visa's first security summit in 2007. Today, more than 200 million phishing emails are sent to consumers each day, and 80,000 consumers respond, she said.
At least 10% of American consumers have shared their Social Security numbers on a social media site, she said, drawing groans and chuckles from the audience. Ritchey also shared examples of people who had posted photos of their debit cards on Twitter or shared card data on Facebook.
“These are the challenges our industry faces,” Ritchey said. “The opportunities for greater connection, commerce and frictionless payments, the risks of what each of those might bring.”
In another session, panelists discussing cybercrime agreed that payment card data has largely been eclipsed as the most valuable data in the international marketplace.
Kurt Baumgartner, principal security researcher at Kaspersky Lab, an international cybersecurity firm, said data from European breaches is worth four or five times more than data from U.S. breaches. Criminals are now seeking security-question information like high school mascots and information about first jobs, he said, along with traditional information like Social Security numbers and birthdates.
Byron Acohido, a technology reporter and blogger with USA Today, recalled a recent incident in which hackers breached an underground market of stolen information and discovered the thieves had been stealing information from LexisNexis and Dun & Bradstreet for months or maybe years.
“This suggests that thieves might have had their fingers in the pies of some of the very largest companies for a very long time,” Acohido said.
The panel agreed that the LexisNexis compromise has implications for the rise of cloud computing.
“Essentially, cloud computing aggregates the data for thieves,” Baumgartner said, though he added that cloud computing can also have strengths that could help make it a reliable resource going forward.
Both Baumgartner and Acohido agreed with Donald Good, section chief for cyber operations at the FBI, who said there has been increased communication across platforms and organizations to develop defenses against cyber theft. However, law-abiding firms are not communicating or cooperating as much as thieves are.
“Cyber thieves have become extremely efficient about communication and cooperation on an as-needed basis,” Baumgartner added.
The federal government shutdown cast a shadow over the event, prompting changes to the agenda and reducing attendance.
Jim VandeHei, executive editor of Politico, and a panel of Politico reporters were pessimistic about a swift end to the shutdown, and also said the U.S. could default on its debt. The panel replaced Rep. Michael McCaul (R-Texas), chairman of the House Committee on Homeland Security, who had been scheduled as the event’s luncheon speaker.
VandeHei was particularly pessimistic, putting the chance of the U.S. defaulting on its debt payments at about 30%. The panelists pointed to the lack of pressure on congressmen from very conservative districts. Likewise, President Obama is unwilling to be the first president to cave to Congressional threats.